Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2694

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2009-2694
Last Modified 22 Oct 2012 11:09:43
Published 21 Aug 2009 07:02:41
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2694

Summary

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.

Vulnerable Systems

Application

  • Adium 1.2.7

  • Adium 1.3

  • Adium 1.3.1

  • Adium 1.3.2

  • Adium 1.3.3

  • Adium 1.3.4

  • Adium 1.3.5

  • Pidgin 2.0.0

  • Pidgin 2.0.1

  • Pidgin 2.0.2

  • Pidgin 2.1.0

  • Pidgin 2.1.1

  • Pidgin 2.2.0

  • Pidgin 2.2.1

  • Pidgin 2.2.2

  • Pidgin 2.3.0

  • Pidgin 2.3.1

  • Pidgin 2.4.0

  • Pidgin 2.4.1

  • Pidgin 2.4.2

  • Pidgin 2.4.3

  • Pidgin 2.5.0

  • Pidgin 2.5.1

  • Pidgin 2.5.2

  • Pidgin 2.5.3

  • Pidgin 2.5.4

  • Pidgin 2.5.6

  • Pidgin 2.5.7

  • Pidgin 2.5.8


References

DEBIAN - DSA-1870

CONFIRM - http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e

REDHAT - RHSA-2009:1218

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=514957

VUPEN - ADV-2009-2663

VUPEN - ADV-2009-2303

CONFIRM - http://www.pidgin.im/news/security/?id=34

MISC - http://www.coresecurity.com/content/libpurple-arbitrary-write

SUNALERT - 266908

SECUNIA - 37071

SECUNIA - 36708

SECUNIA - 36402

SECUNIA - 36401

SECUNIA - 36392

SECUNIA - 36384

CONFIRM - http://developer.pidgin.im/wiki/ChangeLog

EXPLOIT-DB - 9615


Last Updated: 27 May 2016 10:53:37